RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Don't accept the default here, take the longest possible by typing 4096 and hitting enter. Next, gpg will ask when your key should expire. You can either specify days, weeks, months, years or accept the default (never expire). It's a balancing act; the more often you get new keys the more secure they will be against attacks. On the other hand, each time you change your key, you need to send the new one to each of your friends and they have to remember to use the new one for passing you notes. For now, just take the default (gpg will ask for confirmation, so type y and hit enter). Next, fill in your name, email and comment and confirm them by typing o and then enter.

Next, enter a pass phrase. It can have spaces and it can be fairly long. Pick something easy to remember; a favorite quote or maybe a few lines from a song you like.

This next part may seem a bit weird, but gpg actually needs you to do some other stuff on the computer. Anything you like, but actually do things. Compose an email, check your favorite news aggregator, do some drawing, hit your head on the keyboard, kick the mouse around for a while, whatever you need to do. It may occasionally ask you to keep at it with messages like

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 148 more bytes)
..............+++++

Eventually, it'll give you back control of your terminal, and at that point your key has been created. The hard part is done.

Step 4: Share Your Keys

Ok, get those friends that I told you to have ready.

Each of you should run the command

gpg --armor --output your-name.txt --export your-name

(your-name should be the name you typed in as part of your information in Step 3). That will create your-name.txt; a text file that should look something like

It won't look exactly the same, yours will be different, but it will be about that wide and surrounded by the --- PUBLIC KEY BLOCK --- tags. That's your public key. Give it to your friends and get theirs. It doesn't matter how; either bust out the USB sticks or hop on a network and use scp or just paste that text to your Deviant-Linked-Book-Space page or personal site. Each of you should get the key text files and run

gpg --import your-friends-name.txt

for every key you have. Once that's done, check that you have all your friends' keys imported by typing gpg --list-keys and hitting enter.

Step 5: Send A Message

Type up your message in a text file (we'll call it message.txt, but it can be any type of file) and then run

You can now send this to everyone. Email, Facebook, reddit, your blog, a random comment section, anything goes. Only people with the keys you specified as --recipients will be able to decrypt it.

Step 6: Read A Message

If you get a block like the above from one of your friends, save it to a text file called encrypted.gpg[4] and run

gpg --output decrypted.txt --decrypt encrypted.gpg

And decrypted.txt will now contain the note your friend passed you in plain text that you can read. Of course, anyone can read it now, so if it discusses anything you really want to keep secret, you should run shred on it once you've read it.

Boss Fight

Use the comment section of Joe Armstrong's Blog to send a message to a friend that only the two of you can read. If you're feeling adventurous, send it to all of the friends you got together in Step 1

Bonus Stage

Sending your friends messages that your parents can't read is nice, but if they catch you, they can still ground you until you decrypt it for them[5]. Ideally, you'd send your friends messages that your parents or teachers wouldn't even know are messages. To do that, you need a second program called steghide. On Debian GNU/Linux, just type apt-get install steghide as root. Cygwin supports this package too, but I have no idea how to get it on OS X so you Mac users are on your own here.

Get an image, like this one

encrypt your message, and then run

steghide embed -ef message.gpg -cf not-sure-if-secret.jpg

You will be asked for a pass phrase, leave it blank for now, but you should really agree to one with your friends and use it to protect these. You can now send your friends that image via email or imgur without raising suspicions (unless your parents are reading this blog). When your friends get it, they can run

steghide extract -sf not-sure-if-secret.jpg

(and enter the pass phrase if you set one) to get your encrypted message and then decrypt that to read what you sent them. You can use steghide to hide files in images or music that you can then send without raising suspicions.

Secret Boss Fight

Send your mailing list one of those stupid Fw: Fw: Fw: Fw: joke mails, but embed a secret message to one of your friends in the first picture. Ideally, that friend should be one of the people you send the email, otherwise you're needlessly spamming.

Secret Boss Fight -- Stage 2

Find a forum/reddit thread somewhere and carry on a steganographic, encrypted conversation about hipster ninjas with two or three of your friends.

Secret Boss Fight -- Final Stage

Sneak onto your friends' computer while they're in the washroom and change their desktop background to a steganographic message. Chuckle about it constantly. When asked "What's so funny", laugh maniacally and run out of the room with your stuff.

Footnotes

1 - [back] - Or teachers, or political enemies, or competitors, what-have-you

2 - [back] - If you don't have access to your own computer, you can use a usb stick to run Ubuntu live, or (better yet) TAILS and merely plug it into whatever computer you do actually have access to.

3 - [back] - If all of your friends can be trusted to keep secrets, you might opt to go with a symmetric cypher instead. The process of sending and receiving messages is more or less the same, but there's only one key that the entire group shares rather than there being two keys per person (a public and a private). The advantage is that there's less to keep track of. The downside is that if anyone finds out your key, all your notes can be cracked rather than just those sent to the person who let their key get compromised. I won't go through this method, but if you follow that link to the GnuPG manual, you should be able to figure it out.

4 - [back] - It doesn't actually need to be called that, just an example.

5 - [back] - They probably won't just ask for your key because they'd have no idea what to do with it.

Ruby and Erlang each come with their own modes, and recent Emacs versions ship with a built-in Python mode and shell. Smalltalk uses its own environment (though GNU Smalltalk does have its own mode), and I'd really rather not talk about PHP. If you're writing in it, chances are you're using Eclipse or an IDE anyway.